Content Security Policy

Details about Content Security Policy (CSP) and its application in web security.

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Nov 27, 2025

—

by

Reza Rafati

in Cyber News & Updates

Microsoft is enhancing security for Entra ID authentication by blocking unauthorized script injection attacks, starting in late 2026. This move involves updating their Content Security Policy (CSP) for the “login.microsoftonline.com” sign-in experience, allowing only scripts from trusted Microsoft domains to execute, thereby preventing malicious code.